| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324 |
- //------------------------------------------------------------
- // Copyright (c) Microsoft Corporation. All rights reserved.
- //------------------------------------------------------------
- namespace System.ServiceModel.Security
- {
- using System.ServiceModel;
- using System.ServiceModel.Channels;
- using System.Collections.ObjectModel;
- using System.Collections.Generic;
- using System.IdentityModel.Claims;
- using System.IdentityModel.Policy;
- using System.IdentityModel.Tokens;
- using System.ServiceModel.Security.Tokens;
- using System.Net.Security;
- public class SecurityMessageProperty : IMessageProperty, IDisposable
- {
- // This is the list of outgoing supporting tokens
- Collection<SupportingTokenSpecification> outgoingSupportingTokens;
- Collection<SupportingTokenSpecification> incomingSupportingTokens;
- SecurityTokenSpecification transportToken;
- SecurityTokenSpecification protectionToken;
- SecurityTokenSpecification initiatorToken;
- SecurityTokenSpecification recipientToken;
- ServiceSecurityContext securityContext;
- ReadOnlyCollection<IAuthorizationPolicy> externalAuthorizationPolicies;
- string senderIdPrefix = "_";
- bool disposed = false;
- public SecurityMessageProperty()
- {
- this.securityContext = ServiceSecurityContext.Anonymous;
- }
- public ServiceSecurityContext ServiceSecurityContext
- {
- get
- {
- ThrowIfDisposed();
- return this.securityContext;
- }
- set
- {
- ThrowIfDisposed();
- this.securityContext = value;
- }
- }
- public ReadOnlyCollection<IAuthorizationPolicy> ExternalAuthorizationPolicies
- {
- get
- {
- return this.externalAuthorizationPolicies;
- }
- set
- {
- this.externalAuthorizationPolicies = value;
- }
- }
- public SecurityTokenSpecification ProtectionToken
- {
- get
- {
- ThrowIfDisposed();
- return this.protectionToken;
- }
- set
- {
- ThrowIfDisposed();
- this.protectionToken = value;
- }
- }
- public SecurityTokenSpecification InitiatorToken
- {
- get
- {
- ThrowIfDisposed();
- return this.initiatorToken;
- }
- set
- {
- ThrowIfDisposed();
- this.initiatorToken = value;
- }
- }
- public SecurityTokenSpecification RecipientToken
- {
- get
- {
- ThrowIfDisposed();
- return this.recipientToken;
- }
- set
- {
- ThrowIfDisposed();
- this.recipientToken = value;
- }
- }
- public SecurityTokenSpecification TransportToken
- {
- get
- {
- ThrowIfDisposed();
- return this.transportToken;
- }
- set
- {
- ThrowIfDisposed();
- this.transportToken = value;
- }
- }
- public string SenderIdPrefix
- {
- get
- {
- return this.senderIdPrefix;
- }
- set
- {
- XmlHelper.ValidateIdPrefix(value);
- this.senderIdPrefix = value;
- }
- }
- public bool HasIncomingSupportingTokens
- {
- get
- {
- ThrowIfDisposed();
- return ((this.incomingSupportingTokens != null) && (this.incomingSupportingTokens.Count > 0));
- }
- }
- public Collection<SupportingTokenSpecification> IncomingSupportingTokens
- {
- get
- {
- ThrowIfDisposed();
- if (this.incomingSupportingTokens == null)
- {
- this.incomingSupportingTokens = new Collection<SupportingTokenSpecification>();
- }
- return this.incomingSupportingTokens;
- }
- }
- public Collection<SupportingTokenSpecification> OutgoingSupportingTokens
- {
- get
- {
- if (this.outgoingSupportingTokens == null)
- {
- this.outgoingSupportingTokens = new Collection<SupportingTokenSpecification>();
- }
- return this.outgoingSupportingTokens;
- }
- }
- internal bool HasOutgoingSupportingTokens
- {
- get
- {
- return ((this.outgoingSupportingTokens != null) && (this.outgoingSupportingTokens.Count > 0));
- }
- }
- public IMessageProperty CreateCopy()
- {
- ThrowIfDisposed();
- SecurityMessageProperty result = new SecurityMessageProperty();
- if (this.HasOutgoingSupportingTokens)
- {
- for (int i = 0; i < this.outgoingSupportingTokens.Count; ++i)
- {
- result.OutgoingSupportingTokens.Add(this.outgoingSupportingTokens[i]);
- }
- }
- if (this.HasIncomingSupportingTokens)
- {
- for (int i = 0; i < this.incomingSupportingTokens.Count; ++i)
- {
- result.IncomingSupportingTokens.Add(this.incomingSupportingTokens[i]);
- }
- }
- result.securityContext = this.securityContext;
- result.externalAuthorizationPolicies = this.externalAuthorizationPolicies;
- result.senderIdPrefix = this.senderIdPrefix;
- result.protectionToken = this.protectionToken;
- result.initiatorToken = this.initiatorToken;
- result.recipientToken = this.recipientToken;
- result.transportToken = this.transportToken;
- return result;
- }
- public static SecurityMessageProperty GetOrCreate(Message message)
- {
- if (message == null)
- throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("message");
- SecurityMessageProperty result = null;
- if (message.Properties != null)
- result = message.Properties.Security;
- if (result == null)
- {
- result = new SecurityMessageProperty();
- message.Properties.Security = result;
- }
- return result;
- }
- void AddAuthorizationPolicies(SecurityTokenSpecification spec, Collection<IAuthorizationPolicy> policies)
- {
- if (spec != null && spec.SecurityTokenPolicies != null && spec.SecurityTokenPolicies.Count > 0)
- {
- for (int i = 0; i < spec.SecurityTokenPolicies.Count; ++i)
- {
- policies.Add(spec.SecurityTokenPolicies[i]);
- }
- }
- }
- internal ReadOnlyCollection<IAuthorizationPolicy> GetInitiatorTokenAuthorizationPolicies()
- {
- return GetInitiatorTokenAuthorizationPolicies(true);
- }
- internal ReadOnlyCollection<IAuthorizationPolicy> GetInitiatorTokenAuthorizationPolicies(bool includeTransportToken)
- {
- return GetInitiatorTokenAuthorizationPolicies(includeTransportToken, null);
- }
-
- internal ReadOnlyCollection<IAuthorizationPolicy> GetInitiatorTokenAuthorizationPolicies(bool includeTransportToken, SecurityContextSecurityToken supportingSessionTokenToExclude)
- {
- // fast path
- if (!this.HasIncomingSupportingTokens)
- {
- if (this.transportToken != null && this.initiatorToken == null && this.protectionToken == null)
- {
- if (includeTransportToken && this.transportToken.SecurityTokenPolicies != null)
- {
- return this.transportToken.SecurityTokenPolicies;
- }
- else
- {
- return EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance;
- }
- }
- else if (this.transportToken == null && this.initiatorToken != null && this.protectionToken == null)
- {
- return this.initiatorToken.SecurityTokenPolicies ?? EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance;
- }
- else if (this.transportToken == null && this.initiatorToken == null && this.protectionToken != null)
- {
- return this.protectionToken.SecurityTokenPolicies ?? EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance;
- }
- }
- Collection<IAuthorizationPolicy> policies = new Collection<IAuthorizationPolicy>();
- if (includeTransportToken)
- {
- AddAuthorizationPolicies(this.transportToken, policies);
- }
- AddAuthorizationPolicies(this.initiatorToken, policies);
- AddAuthorizationPolicies(this.protectionToken, policies);
- if (this.HasIncomingSupportingTokens)
- {
- for (int i = 0; i < this.incomingSupportingTokens.Count; ++i)
- {
- if (supportingSessionTokenToExclude != null)
- {
- SecurityContextSecurityToken sct = this.incomingSupportingTokens[i].SecurityToken as SecurityContextSecurityToken;
- if (sct != null && sct.ContextId == supportingSessionTokenToExclude.ContextId)
- {
- continue;
- }
- }
- SecurityTokenAttachmentMode attachmentMode = this.incomingSupportingTokens[i].SecurityTokenAttachmentMode;
- // a safety net in case more attachment modes get added to the product without
- // reviewing this code.
- if (attachmentMode == SecurityTokenAttachmentMode.Endorsing
- || attachmentMode == SecurityTokenAttachmentMode.Signed
- || attachmentMode == SecurityTokenAttachmentMode.SignedEncrypted
- || attachmentMode == SecurityTokenAttachmentMode.SignedEndorsing)
- {
- AddAuthorizationPolicies(this.incomingSupportingTokens[i], policies);
- }
- }
- }
- return new ReadOnlyCollection<IAuthorizationPolicy>(policies);
- }
- public void Dispose()
- {
- // do no-op for future V2
- if (!this.disposed)
- {
- this.disposed = true;
- }
- }
- void ThrowIfDisposed()
- {
- if (this.disposed)
- {
- throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ObjectDisposedException(this.GetType().FullName));
- }
- }
- }
- }
|
